Disabled account has blank password

Risk Level: Medium

Check or Attack Name: Disabled Account Blank Pwd

Platforms: Windows NT

Description:

A user account that is currently disabled has been detected with a blank password. While the account stays disabled it cannot be used to log on, but the blank password is still stored in the SAM: anyone who obtains the password hashes can see immediately that the account has no password, and anyone who re-enables the account (an administrator cleaning up, or an attacker who has gained the rights to do so) gets a working account that needs no password at all. An account with a blank password gives an attacker unauthorized access to the system, including the ability to run and take over processes under that account and to reach other computers on the network that trust it.
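The following script is an added example, not the scanner's own detection code or anything from the original page. It applies the same test offline: an account whose stored NT hash equals the well-known hash of the empty password has a blank password, and the disabled flag is taken from the "Account active" line of `net user <name>` output. It assumes the hash listing is in pwdump format (`user:rid:lmhash:nthash:::`); the dump and the `net user` excerpts below are constructed sample data, and the non-empty hashes in them are arbitrary hex.

```python
"""Offline check for the condition this page describes: accounts whose stored
NT password hash is the hash of the empty string, cross-referenced with the
disabled flag as reported by `net user`. Added example, not the scanner's code."""
import re

# Well-known hashes of the empty password (LM and NT). Fixed values, not
# derived from the sample data below.
LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"
NT_EMPTY = "31d6cfe0d16ae931b73c59d7e0c089c0"


def parse_pwdump(text):
    """Parse pwdump-format lines ('user:rid:lmhash:nthash:::') into a dict
    keyed by lower-cased account name. Blank lines and '#' comments are skipped."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            continue  # malformed line: ignore rather than guess
        name, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        accounts[name.lower()] = {"name": name, "rid": int(rid), "lm": lm, "nt": nt}
    return accounts


def has_blank_password(acct):
    """The NT hash is the conclusive test. The empty LM hash alone is not:
    dump tools print it (or 'NO PASSWORD*...') whenever no LM hash is stored,
    whatever the actual password is."""
    return acct["nt"] == NT_EMPTY


def is_disabled(net_user_text):
    """True if `net user <name>` output reports 'Account active  No'."""
    m = re.search(r"^\s*Account active\s+(Yes|No)\b", net_user_text, re.M | re.I)
    return m is not None and m.group(1).lower() == "no"


def find_blank_passwords(pwdump_text, net_user_outputs):
    """Return (account, finding) pairs. net_user_outputs maps lower-cased
    account names to the text of `net user <name>` for that account; an
    account with no `net user` text is treated as enabled (the worse case)."""
    findings = []
    for key, acct in parse_pwdump(pwdump_text).items():
        if not has_blank_password(acct):
            continue
        if is_disabled(net_user_outputs.get(key, "")):
            findings.append((acct["name"], "disabled account has blank password"))
        else:
            findings.append((acct["name"], "ENABLED account has blank password"))
    return findings


# Constructed sample input (not a real dump). Non-empty hashes are arbitrary hex.
SAMPLE_PWDUMP = """\
# user:rid:lmhash:nthash:::
Administrator:500:7a21990fcd3d759941e45c490f143d5f:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
oldtemp:1005:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1006:aad3b435b51404eeaad3b435b51404ee:e52cac67419a9a224a3b108f3fa6cb6d:::
"""

# Constructed excerpts of `net user <name>` output for the same accounts.
SAMPLE_NET_USER = {
    "administrator": "User name     Administrator\nAccount active               Yes\n",
    "guest":         "User name     Guest\nAccount active               No\n",
    "oldtemp":       "User name     oldtemp\nAccount active               No\n",
    "svc_backup":    "User name     svc_backup\nAccount active               Yes\n",
}

if __name__ == "__main__":
    for name, finding in find_blank_passwords(SAMPLE_PWDUMP, SAMPLE_NET_USER):
        print(f"{name}: {finding}")
```

On the sample, Guest and oldtemp are reported as this finding (disabled, blank); svc_backup is not reported even though its LM field is the empty-LM value, because its NT hash is not the empty-password hash. Run the same script with an empty `net user` mapping and the two blank-password accounts are reported as enabled, which is the higher-severity case.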

Remedy:

Set a minimum password length in the Account Policy, or install a password filter that rejects weak password choices, and reset this account's password to a strong value so the blank password is replaced. Remove the account entirely if it is not needed. Note that a minimum-length policy is enforced only when a password is next changed; it does not clear a blank password that is already set on an existing account.

To require users to use a minimum length for their passwords, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. From the Policies menu, select Account to display the Account Policy dialog box.
  3. In the Minimum Password Length field, specify a minimum length of at least seven characters.

—AND—

For maximum password security, apply the passfilt.dll password filter to reduce guessable passwords. See Microsoft Knowledge Base Article Q161990 "How to Enable Strong Password Functionality in Windows NT" at http://support.microsoft.com/support/kb/articles/q161/9/90.asp.

—OR—

Remove the user account if it is not needed. To remove a user account, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user from the list.
  3. Press Delete and confirm the delete operation.

References:

Microsoft Knowledge Base Article Q161990, "How to Enable Strong Password Functionality in Windows NT", http://support.microsoft.com/support/kb/articles/q161/9/90.asp
